(54) Title: TRANSFER OF SIGNED AND ENCRYPTED INFORMATION
(57) Abstract 



The invention relates to a device and a method at
a telecommunications system and a data communications
system which makes possible signing and encryption of
the information which is transmitted between a transmitting
and a receiving equipment in said system. The invention
is briefly characterized in a software for signing and
encryption by means of smart cards which is linked
together with a software which can show text, data entry
fields, buttons, etc. This program is utilized as a plug-in
unit or a Java-unit in a WWW-browser. Before the
information is shown to the user, or is transmitted from the
user, encryption functions can be applied to the information.
All internal communication related to the safety on the local
PC will by that be needless, all necessary information
processing being performed in said plug-in unit. All extra
steps in the signalling process are by that concealed from the
user and intruders, if any.
TRANSFER OF SIGNED AND ENCRYPTED INFORMATION



FIELD OF THE INVENTION 
The present invention relates to a device and a method
at a telecommunications system or data communications
system which makes possible signing and encryption of
information which is transmitted between a transmitting
equipment and a receiving equipment.

PRIOR ART 

The increased interest among the public in IT and
especially Internet has resulted in that many companies and
private persons want to carry on trade via Internet.

The problem that will arise when someone wants to sell
anything via Internet is how payment communication and
trade communication shall be made in a reliable and to
unauthorized persons uninterpretable way.

Another situation of use where it is important with
safe information transfer, where persons
shall have possibility to acquaint themselves with the
contents of transmitted information, is when certain
persons/companies have authority to read certain programs
or databases in a communications system (for instance
Internet).

The problem above is solved by means of encryption of
the information which is transmitted and verification of
the identity of the users who are transmitting the
information. The encryption and signing of today via
Internet, however, is imperfect because there occurs
unnecessary communication of not encrypted information
between processors and servers before the information is
encrypted.

If one for instance today wants to sign and encrypt a
document in Internet, where a Web-server is run locally
towards the client machine, the document is transmitted to
the server where a CGI (Common Gateway Interface) program
performs signing/encryption.

After that a newly made page is transmitted from the
CGI-program to the Web-browser (Web-reader) where one
acknowledges the transmission of data from the machine.

In order to find out whether the prior art describes
encryption and signing via Internet, a preliminary
investigation was made, at which the following documents
were found:

Document 1: EP, A1, 693 836
         2: EP, A2, 702 477
         3: WO, A1, 96/056ar
         4: WO, A1, 93/15581
         5: DE, A1, 44 14 553
         6: EP, A1, 696 121 (abstract + figure)



Document 1 relates to a method and equipment for managing
of code keys at transmission of encrypted information over
Internet. See especially "Summary of the invention",
"Application of the present Invention to Site Firewalls"
(column 13, Figure 6-ld) and "User Authentication" (column
17).

Document 2 relates to a system for automatic encryption
and decryption of data packets transmitted between "sites"
on Internet or other data networks. See especially
"Abstract", "Description" (page 1) and "APPENDIX A" (page
8).

Document 3 describes a device and a method for
identification and authentication at establishing of
connection to local data networks via, for instance,
Internet. The document does not deal with encrypted
transmission. See especially "Abstract", and Figure 1 and 3
with belonging text.

Document 4 describes a method, device and arrangements
for encrypted transmission of information between
interconnected networks, preferably by means of the
protocol TCP/IP. See "Abstract" and Figure 1 and 2 with
belonging text.

Document 5 describes determination of authenticity of
subscriber's equipment by means of TCP/IP. The document does
not deal with encrypted transmission.

The above found documents are, however, marred by the
same problem as has been described above regarding
encryption and signing of documents via Internet.

SUMMARY OF THE INVENTION 

The aim of the present invention, consequently, is to
clear away above mentioned problem and provide a very safe
communication via an information carrying network, such as,
for instance, Internet.

This aim is achieved by a device and method which is
characterized in that a software for signing and encryption
by means of smart cards or by means of software is linked
together with a software which shows text, data entry
fields, buttons and icons etc, which linked-up program is
utilized as a plug-in unit or Java-unit in a browser, at
which all information to/from the user is
decrypted/encrypted in said plug-in unit or said Java-unit.
An advantage with this is that all internal
communication regarding the security on the local PC by
that becomes needless, because all necessary processing of
information is made in the plug-in unit or Java-unit;
supporting programs executing as a part of the browser.

Another advantage is that all extra steps are concealed
from the user and, if any, intruders. If delicate
information shall be processed, then the Java or plug-in
unit program can encrypt everything that is going out, and
decrypt everything that is coming in, automatically. No text
en clair will be transmitted between processes, not even on
the local computer.
Because it is a "living" program that is executed in
the browser, there is possibility to do so much more than
in an ordinary HTML-form.

The program also can communicate over the network in the
background, for instance for monitoring processes.

BRIEF DESCRIPTION OF THE DRAWING

In the following a more detailed description of the
invention is given with reference to the only drawing.
Figure 1 describes schematically the verification
procedure in the telecommunications system according to the
present invention.

DETAILED DESCRIPTION OF AN EMBODIMENT OF THE INVENTION 
The aim with the present invention is, as has been
mentioned above, to effect a way to sign documents or
corresponding information electronically and to transmit
and receive encrypted information over an information
carrying communication network such as, for instance,
Internet, and where said encryption respective signing
shall be made by means of utilisation of smart cards or by
software, which can cooperate with said network.

The aim above all is to make possible to transmit
messages with personal signatures over Internet.

This of course can be used in a large number of
different connections such as electronic banking, travel
agencies, trade of different kinds, or controlled access to
databases which are made accessible via the network.


In this embodiment different services are described
which are made accessible from KTH's (KTH = "Kungl.
Tekniska Högskolan", i.e. "The Royal Institute of
Technology") documentation system (LADOK) via Internet,
provided that one has authorization to get access to these
services.

Some abbreviations which will turn up continuously in
the description now will be explained:

CA      Certification Authority
CGI     Common Gateway Interface
LADOK   Local, ADP-based Documentation
        System; KTH's equivalent to
        Uppsala University's UPPDOK.
MIME    Multipurpose Internet Mail Extensions
NSAPI   Netscape Server Application
        Programming Interface
URL     Uniform Resource Locator.

The invention now will be described with reference to
Figure 1.

The system according to the present invention consists
of a computer 3 with a Web-server (called the server
computer), one or more computers 1 with a WWW-browser and a
card reader for smart cards. In addition all included
computers 1 shall be connected to Internet. The client
computer 1 includes a safety software 2.

Smart cards are personal cards with storage, processor,
operative system etc. In these are the private key which is
needed for signing and encryption and furthermore a
certificate of standard. The certificate includes
among other things the user's public key, CA's open key,
information about the person etc. The card is an electronic
identity document which in addition gives possibility to
create personal electronic signatures which are unique to
each person and card. The authenticity of the signature is
possible to check by all levels which have access to the
person's open key. This key can be obtained from a trusted
authority on the network.

On the server side a service application 4 is connected
to the database LADOK 6, which service application includes
a safety software 5.

The invention consequently implies to make services
from LADOK accessible via Internet. Other services can, as
has previously been mentioned, be arranged on the network
with the same technology, for instance banking services,
booking of journeys etc.

The service client 1 creates a signed message by an
"API-call" to the safety software 2, where the message is
given as parameters. The client 1 waits for answer which
can be: signed message or type of error. If a signed
message arrives at the client 1, this shall be packed into
a structure and transmitted over the network (WWW) to the
service application 4 via the Web-server 3 for that
machine. The service application 4 disassembles the
structure and transmits the user identity and the signed
message to the safety software 5 for verification. The
verification shall give OK or error code. If OK is
received, the application 4 shall transmit the message and
user identity to LADOK 6 for preparation, otherwise user
identity and message shall be logged. The application 4
waits for answer from LADOK's 6 output or input process and
returns this answer to the service client 1 via the
network. The answer can be in ordinary text
or of some MIME-type, so a plug-in unit (not shown) can be
started on the client side 1.

The answer shall include a description of how the work
shall be possible to be extended for encryption in both
directions.

In the started plug-in unit in the Web-browser at the
server client 1 then all information which shall be
transmitted to LADOK 6 is fed in, which information is
encrypted directly in the plug-in unit. Signing of
information/document is preferably made by a client
utilizing an active card with personal code and a card
reader connected to said plug-in unit. When encrypted
information is coming in from LADOK 6 to the service
client's computer 1, the information is decrypted in the
plug-in unit.

If, however, a general software is made, which supports
HTML-form management and certain extensions, then customer
adapted safety critical applications can be written with
very small contribution of work. The client side gets one
copy of the program (possibly automatically downloaded).
The side which contains the extended form then starts the
program to show the content. The program "parses" the
extended HTML-form language and shows the content on the
screen. When the user has made all the "feeding" and makes
"submit", then all data is packed, signed and encrypted. No
programming is needed for the clients and these moreover
can use the same client software for a number of different
applications.

On the server side there is a need of some programming,
but with a Software Development Kit, which has been
developed (empty frame program), it is only the customer
unique programming that needs to be added.

Extension implies that all communication over the
network shall be encrypted.

The signatures shall be possible to be created by means
of smart cards. If the deliveries of these cards are
delayed, the signatures will, to begin with, be created in
software.

In the following, preferred protocols and commands
which are necessary to implement the embodiment will be
discussed.

By network protocol is meant the protocol which is used
between the Web-server and the Web-browser.

The service client 1 should transmit a tuple with the
following appearance to the service application 4:

Application=SECUNET&Ver=versionnumber&...

for instance

Application=SECUNET&Ver=1.00&Type=Sign&UserCert=...&Msg=...&Signature=...

• Version number is a serial number of the type (in
  pseudo C-code):
  ("%D.%02D", major, minor).
• Type is a string which describes the type of the
  message, can be:
    Normal
    Sign
    Encrypt
    Sign&Encrypt
    other types
• The user certificate is the certificate from the
  smart card.
• The message should be a URL-encoded string of all
  information that exists in the INPUT-fields in
  the form.
• Signature should be a URL-encoded string of the
  signature.

To the version number there shall be a mapping which
decides the number of fields and what each field contains.
This makes it easier to make changes in the protocol. There
shall be a mapping for each type of protocol. If the
receiving application cannot manage the type of protocol,
it shall return an error code, preferably in HTML-form.

If URL-encoding is used and the protocol looks as
above, existing CGI-programs can be utilized as basis for
server applications. All binary data which shall be
transmitted should be URL-encoded before it is transmitted
over the network. It should be realized that this applies
to certificates, signatures and encrypted data.

The service client 1 shall extend the functionality of
some type of WWW-browser, making it manage signing,
encryption, authentication and verification. As Netscape
Navigator 2.0+ is expected to be widely spread, and as a
lot of companies develop so called plug-in units for
Navigator, that type of technology shall be used.

A plug-in unit shall be produced which can give
possibility to read an input from the network (a URL), show
it to a client, interact with the client and finally
transmit the result over the network, preferably in the
same form as FORM (see the HTML-documentation) makes use
of. The plug-in unit shall be associated with the MIME-
type: application/x-secunet and file extensions: .secunet
and .sec if these are not engaged.

Registration of MIME-types shall be made at Netscape by
the agency of Telia Promotor.

The input which the plug-in unit is expected to read
shall consist of a subset of HTML. This language should
contain the following commands (with approximately
corresponding semantics as at HTML):

<BR>
<HR>
<H1>...<H4>, </H1>...</H4>
<A ...>, </A>
<SELECT ...>
<FORM ...>, </FORM>

and the following commands with extended semantics:

<INPUT ...>

Input shall be able to take an extra parameter:
EXTENDED. This parameter only need to have well-defined
semantics about TYPE=SUBMIT when it indicates how the form
shall be transmitted:

ENCRYPT
SIGN
SIGN and ENCRYPT
possible future extensions.

When corresponding form is activated,
suitable routines shall be called to process the indata
which are in the form, before these are transmitted to the
URL described in

All options which exist to each HTML-command need not
be implemented, but only those which are necessary to make
communication, interaction with the user, and signing to
function.

The client shall be possible to be run under MS-Windows
3.x and MS Windows 95/NT with Netscape Navigator. Which
version that will be required on Navigator is to be
determined by the application. Because Microsoft's Internet
Explorer has launched the same API as there is in Netscape
Navigator, the plug-in unit probably will function with
that software as well, but this is no demand.

To make it possible to find out whether a message which
is coming to the plug-in unit is an encrypted or a common
message, the following protocol identifier (or
corresponding) should be used:

<HTML>

or

<SECUNET VERSION=ver TYPE=type>

where "ver" indicates the version number of the protocol
and "type" indicates the type of the message, which for
instance is encrypted or is signed. Lack of protocol
identifier should be interpreted as if the message is of
the type normal.
This is only for the purpose of facilitating a future
extension of the system.
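
The plug-in's two decisions described above (how to treat an incoming document, and how to send a form), as an added Python example that is not part of the patent text. The value syntax of EXTENDED, the supported version set, the function names and the sample form are assumptions.

```python
from html.parser import HTMLParser

# EXTENDED operations -> wire "Type" string of the tuple format.
# The attribute value syntax (e.g. EXTENDED="SIGN and ENCRYPT") is an assumption.
WIRE_TYPE = {
    frozenset({"SIGN"}): "Sign",
    frozenset({"ENCRYPT"}): "Encrypt",
    frozenset({"SIGN", "ENCRYPT"}): "Sign&Encrypt",
}
KNOWN_TYPES = {"Normal"} | set(WIRE_TYPE.values())
SUPPORTED_VERSIONS = {"1.00"}  # assumed: the only version this client handles


class _Scanner(HTMLParser):
    """Records the first element of a document and every submit button."""

    def __init__(self):
        super().__init__()
        self.first = None   # (tag, attrs) of the first tag, or ("#text", {})
        self.submits = []   # attribute dicts of <INPUT TYPE=SUBMIT ...>

    def handle_data(self, data):
        # Text before any tag means there is no leading protocol identifier.
        if self.first is None and data.strip():
            self.first = ("#text", {})

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if self.first is None:
            self.first = (tag, attrs)
        if tag == "input" and (attrs.get("type") or "").upper() == "SUBMIT":
            self.submits.append(attrs)


def _scan(document):
    scanner = _Scanner()
    scanner.feed(document)
    scanner.close()
    return scanner


def classify_message(document):
    """Return (version, type) for a document arriving at the plug-in.

    A leading <SECUNET VERSION=.. TYPE=..> selects protected handling;
    <HTML> or no identifier at all means a common message of type Normal.
    """
    first = _scan(document).first
    if first is None or first[0] != "secunet":
        return (None, "Normal")
    version, mtype = first[1].get("version"), first[1].get("type")
    # Fail closed: an identifier that cannot be fully interpreted must not
    # be displayed as if it were an ordinary page.
    if version not in SUPPORTED_VERSIONS:
        raise ValueError("unsupported protocol version: %r" % (version,))
    if mtype not in KNOWN_TYPES:
        raise ValueError("unknown message type: %r" % (mtype,))
    return (version, mtype)


def submit_type(form_document):
    """Map the EXTENDED parameter of the submit button to a wire Type."""
    submits = _scan(form_document).submits
    if len(submits) != 1:
        raise ValueError("expected exactly one submit button")
    if "extended" not in submits[0]:
        return "Normal"
    value = (submits[0]["extended"] or "").upper().replace("&", " ")
    ops = frozenset(word for word in value.split() if word != "AND")
    if ops not in WIRE_TYPE:
        # Empty, unknown or future value: refuse rather than send unprotected.
        raise ValueError("unsupported EXTENDED value")
    return WIRE_TYPE[ops]
```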

The service application 4 shall be written as a CGI- or
NSAPI-program (or corresponding) which shall receive
messages which the service client 1 transmits.

The version field shall be checked in order to see
whether the service application 4 can manage the protocol.
If the version check fails, the program shall return an
error code in HTML-form. In other case the type of the
message shall be checked in order to see if verification
and/or decryption must be performed. Verification/
decryption, if any, shall be performed, and if it succeeds,
all parameters shall be transmitted to the product unique
LADOK-code, otherwise the parameters, user identity, if
any, and signature, if any, shall be logged. As person
identifier shall be used civic registration number, if this
is accessible on the smart card, in the certificate or in
another safe place.

If there is no civic registration number on the card,
authentication only can be made if there is a safe mapping
between the certificates and the civic registration
numbers, in for instance LADOK.

If the verification succeeds, it does not mean that the
user is allowed to do what he/she likes in the system, but
only that the identification is confirmed, so loggings, if
any, of users who neglect their duties in LADOK must be
made in the LADOK-system.
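
The tuple format and the service application's checks described above (version mapping, type check, verification, logging on failure), as an added Python example that is not code from the patent. The "Normal" field layout, the error-code strings, all function names and the sample data are assumptions, and HMAC-SHA256 is used only as a stand-in for the smart-card signature.

```python
import hashlib
import hmac
from urllib.parse import quote, unquote_to_bytes

# Version -> message type -> exact ordered fields after Application/Ver/Type.
# "Sign" follows the sample tuple; the "Normal" layout is an assumption.
FIELD_MAP = {
    "1.00": {
        "Normal": ("Msg",),
        "Sign": ("UserCert", "Msg", "Signature"),
    },
}


class ProtocolError(Exception):
    """Carries the error code returned to the service client."""


def parse_tuple(query):
    """Split the tuple, URL-decode each value to bytes, check the layout."""
    fields = {}
    for pair in query.split("&"):
        name, sep, value = pair.partition("=")
        if not sep or name in fields:  # malformed pair or repeated field
            raise ProtocolError("ERR_FORMAT")
        fields[name] = unquote_to_bytes(value)
    if fields.get("Application") != b"SECUNET":
        raise ProtocolError("ERR_FORMAT")
    version = fields.get("Ver", b"").decode("ascii", "replace")
    if version not in FIELD_MAP:
        raise ProtocolError("ERR_VERSION")
    mtype = fields.get("Type", b"").decode("ascii", "replace")
    expected = FIELD_MAP[version].get(mtype)
    if expected is None:
        raise ProtocolError("ERR_TYPE")
    if tuple(fields) != ("Application", "Ver", "Type") + expected:
        raise ProtocolError("ERR_FORMAT")
    return mtype, fields


def build_tuple(version, mtype, **values):
    """Client-side packing. quote(safe="") also escapes '&' and '=', so
    binary values and form data cannot split or add fields."""
    parts = [("Application", b"SECUNET"), ("Ver", version.encode()),
             ("Type", mtype.encode())]
    parts += [(name, values[name]) for name in FIELD_MAP[version][mtype]]
    return "&".join("%s=%s" % (n, quote(v, safe="")) for n, v in parts)


def handle_request(query, verify, audit_log):
    """Version check, type check, verification, then forward or log."""
    try:
        mtype, f = parse_tuple(query)
    except ProtocolError as err:
        return (str(err), None)
    if mtype == "Normal":
        return ("OK", (None, f["Msg"]))
    user = verify(f["UserCert"], f["Msg"], f["Signature"])
    if user is None:
        audit_log.append((f["UserCert"], f["Msg"], f["Signature"]))
        return ("ERR_VERIFY", None)
    # Identity is confirmed here; what the user may do is decided downstream.
    return ("OK", (user, f["Msg"]))


# Constructed demo data. HMAC-SHA256 is a stand-in for the smart-card
# public-key signature so that the example runs without a card.
DEMO_KEYS = {b"CERT-ALICE": (b"demo-key", "constructed-user-id")}


def demo_sign(cert, msg):
    return hmac.new(DEMO_KEYS[cert][0], msg, hashlib.sha256).digest()


def demo_verify(cert, msg, sig):
    entry = DEMO_KEYS.get(cert)
    if entry and hmac.compare_digest(demo_sign(cert, msg), sig):
        return entry[1]
    return None
```

A tuple with a repeated field or with an unescaped "&" inside a value is rejected as ERR_FORMAT instead of being re-split into different fields.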

The following services shall be provided:
• Show the five latest reported courses/moments. No
  inparameters. Returns at the most five courses
  (course code) and mark.
• Show status for a certain course. Inparameter
  course code, six characters. Returns mark for the
  course.
• Show sum of passed courses.
  Returns number of passed, at the most four
  characters.
• Show certificate of studies to fax or printer.
  Inparameter fax number/printer number. Returns
  OK/error.

To the above it possibly can be necessary to include
civic registration number. If a transaction code to map
course code to course name is made accessible, the server
will return course name instead of course code.

The code shall be possible to be run on machines with
the operative systems UNIX or Windows NT and must not be
depending on a special Web-server. However, it is
sufficient if the system functions with a few different
Web-servers (two or more). Parts of the code which are
written uniquely for a certain operative system shall be
documented separately to facilitate porting.
The application is programmed in such a way that it is
easy to adapt the solution to new problems and should not
be written uniquely for LADOK. Parts which are unique to
LADOK shall be divided into own source codes to facilitate
reuse of the parts in common.

What has been described above is only to be regarded as
an advantageous embodiment of the invention, and the scope
of protection of the invention is only defined by what is
indicated in the following patent claims.

PATENT CLAIMS

1. Device including a service client computer (1) and a
WWW-browser at a telecommunications system or a data
communications system which makes possible signing and
encryption of information which is transmitted between a
transmitting equipment and a receiving equipment,
characterized in that a software for signing
and encryption by means of software or smart cards is
linked together with a software which shows text, data
entry fields, buttons and icons, etc, which linked up
program is arranged to be utilized as a plug-in unit or a
Java-unit in said WWW-browser, at which all information
to/from said service client computer (1) is
decrypted/encrypted in said plug-in unit or said Java-unit.

2. Device according to patent claim 1,
characterized in that said service client
computer (1) includes a safety software (2) for
verification of said signature.

3. Device according to patent claim 1 or 2,
characterized in that said service client
computer (1) is connected to a card reader, at which a user
of said service client computer (1) identifies
himself/herself by means of an active card together with a
personal code, at which said active card includes a private
key, which is needed for signing and encryption, and a
certificate including a public key and personal data etc.

4. Method which utilizes a service client computer (1)
and a WWW-browser at a telecommunications system or a data
communications system for signing and encryption of
information which is transmitted between a transmitting and
a receiving equipment, characterized in that a
software for signing and encryption by means of smart cards
or by means of software is linked together with a software
which shows text, data entry fields, buttons and icons,
etc, which linked up program is utilized as a plug-in unit
or Java-unit in said WWW-browser, at which all information
to/from a user of said service client computer (1) is
decrypted/encrypted in said plug-in unit or said Java-unit.

5. Method for verification of a user of the service
client computer (1), according to the patent claim 4,
characterized in that it includes the steps
that:

a) the user of the server client computer (1) creates a
signed message by an API-call to the safety software (2),
where said message is given as parameter, at which the
service client computer (1) receives answer as "signed
message" or "type of error".

b) if a signed message arrives at the service client
computer (1) the message shall be packed into a structure
and be transmitted over the WWW-network to a service
application (4) via a Web-server (3) for the service client
computer (1), at "type of error", the message is logged;

c) service application (4) disassembles the structure
and transmits the user identity (AI) and the signed message
to a safety software (5) for verification, at which the
safety software (5) verifies the user or gives error code;

d) at verification the service application (4)
transmits the message and user identity to the database (6)
to which the service client (1) wants access; at error code
user identity and message are logged.

e) the service application (4) receives verification
answer from said database (6) and returns this answer to
the service client computer (1) via the WWW-network;

f) the answer which said service client computer (1)
receives is of a text/html-form or of MIME-type whereby
said plug-in unit or Java-unit starts in said WWW-browser
in the service client computer (1).

6. Method according to patent claim 5,
characterized in that said answer from said
database (6) includes a description of how it shall be
possible to extend information transmission for encryption
in both directions.